Phishing is a cyber attack that gathers sensitive information like login credentials, credit card numbers, bank account numbers or other financial information by masquerading as a legitimate site. Personal information like social security numbers, phone numbers and social media account information are also common targets for cybercriminals who perform identity theft. Phishing scams trick victims by using social engineering to create a sense of urgency.
If you are involved in the cyber security processes, you must have heard of the term threat hunting. In this article, we discussed this rather popular concept in detail. Being one of the buzzing concepts of cyber security, threat hunting has been increasingly popular, but what does it refer to? Do you need it? Should you be doing it? We will answer all these questions in detail.
Photo by BENCE BOROS on Unsplash Welcome to the world of Internet of Things (IoT) and a glimpse into the future. The IoT is where the physical world merges with the digital world. Soon, we expect the world IoT population to outnumber the human population tenfold—perhaps as many as 80 billion connected devices by 2025.
The digital world has become a dangerous place. It’s like the Wild West (the movie kind, not the real kind, which was decidedly less wild than it’s portrayed), with outlaws out to do you harm and make off with your precious data. Fortunately, like any good western, there are also honour-bound gun slingers seeking to bring law, order and – most importantly – security to the digital landscape.
Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until ransom is paid. Ransomware spreads through phishing emails, malvertising, visiting infected websites or by exploiting vulnerabilities. Ransomware attacks cause downtime, data leaks, intellectual property theft and data breaches. Ransom payment amounts range from a few hundred to hundreds of thousands of dollars. Payable in cryptocurrencies like Bitcoin.
An information security policy (ISP) is a set of rules, policies and procedures designed to ensure all users and networks within an organization meet minimum IT security and data protection security requirements. ISPs should address all data, programs, systems, facilities, infrastructure, users, third-parties and fourth-parties of an organization.
An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites.
Like storytelling, data visualization can be used to provide a narrative about your organization’s cybersecurity posture. Cybersecurity is never a single thing; it is an amalgamation of an often growing list of issues that never seem to end. So in order to make some sense of what it means for the health of your organization, I am combining several metrics to define a singular one—cybersecurity posture—in a visual manner.
As of today, no laws or regulations, even the latest version of PCI-DSS, HIPAA, and HITECH, do not make network segmentation or micro-segmentation compulsory to comply with the rule. By making network segmentation discretionary -- even when transmitting, processing, or storing regulated data, the number of breaches will continue to rise as companies err on the side of doing less with more.
